12021-04-08 Release Manager 2 3 * GCC 10.3.0 released. 4 52020-07-23 Release Manager 6 7 * GCC 10.2.0 released. 8 92020-05-07 Release Manager 10 11 * GCC 10.1.0 released. 12 132020-04-28 David Malcolm <dmalcolm@redhat.com> 14 15 PR analyzer/94816 16 * engine.cc (impl_region_model_context::on_unexpected_tree_code): 17 Handle NULL tree. 18 * region-model.cc (region_model::add_region_for_type): Handle 19 NULL type. 20 * region-model.h 21 (test_region_model_context::on_unexpected_tree_code): Handle NULL 22 tree. 23 242020-04-28 David Malcolm <dmalcolm@redhat.com> 25 26 PR analyzer/94447 27 PR analyzer/94639 28 PR analyzer/94732 29 PR analyzer/94754 30 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete. 31 * program-state.cc (selftest::test_program_state_dumping): Update 32 expected dump result for removal of "uninit". 33 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT 34 case. 35 (root_region::ensure_stack_region): Initialize stack with null 36 svalue_id rather than with a typeless POISON_KIND_UNINIT value. 37 (root_region::ensure_heap_region): Likewise for the heap. 38 (region_model::dump_summary_of_rep_path_vars): Remove 39 summarization of uninit values. 40 (region_model::validate): Remove check that the stack has a 41 POISON_KIND_UNINIT value. 42 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT 43 case. 44 (poisoned_value_diagnostic::describe_final_event): Likewise. 45 (selftest::test_dump): Update expected dump result for removal of 46 "uninit". 47 (selftest::test_svalue_equality): Remove "uninit" and "freed". 48 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT. 49 502020-04-01 David Malcolm <dmalcolm@redhat.com> 51 52 PR analyzer/94378 53 * checker-path.cc: Include "bitmap.h". 54 * constraint-manager.cc: Likewise. 55 * diagnostic-manager.cc: Likewise. 56 * engine.cc: Likewise. 57 (exploded_node::detect_leaks): Pass null region_id to pop_frame. 58 * program-point.cc: Include "bitmap.h". 
59 * program-state.cc: Likewise. 60 * region-model.cc (id_set<region_id>::id_set): Convert to... 61 (region_id_set::region_id_set): ...this. 62 (svalue_id_set::svalue_id_set): New ctor. 63 (region_model::copy_region): New function. 64 (region_model::copy_struct_region): New function. 65 (region_model::copy_union_region): New function. 66 (region_model::copy_array_region): New function. 67 (stack_region::pop_frame): Drop return value. Add 68 "result_dst_rid" param; if it is non-null, use copy_region to copy 69 the result to it. Rather than capture and pass a single "known 70 used" return value to be used by purge_unused_values, instead 71 gather and pass a set of known used return values. 72 (root_region::pop_frame): Drop return value. Add "result_dst_rid" 73 param. 74 (region_model::on_assignment): Use copy_region. 75 (region_model::on_return): Likewise for the result. 76 (region_model::on_longjmp): Pass null for pop_frame's 77 result_dst_rid. 78 (region_model::update_for_return_superedge): Pass the region for the 79 return value of the call, if any, to pop_frame, rather than setting 80 the lvalue for the lhs of the result. 81 (region_model::pop_frame): Drop return value. Add 82 "result_dst_rid" param. 83 (region_model::purge_unused_svalues): Convert third param from an 84 svalue_id * to an svalue_id_set *, updating the initial populating 85 of the "used" bitmap accordingly. Don't remap it when done. 86 (struct selftest::coord_test): New selftest fixture, extracted from... 87 (selftest::test_dump_2): ...here. 88 (selftest::test_compound_assignment): New selftest. 89 (selftest::test_stack_frames): Pass null to new param of pop_frame. 90 (selftest::analyzer_region_model_cc_tests): Call the new selftest. 91 * region-model.h (class id_set): Delete template. 92 (class region_id_set): Reimplement, using old id_set implementation. 93 (class svalue_id_set): Likewise. Convert from auto_sbitmap to 94 auto_bitmap. 95 (region::get_active_view): New accessor. 
96 (stack_region::pop_frame): Drop return value. Add 97 "result_dst_rid" param. 98 (root_region::pop_frame): Likewise. 99 (region_model::pop_frame): Likewise. 100 (region_model::copy_region): New decl. 101 (region_model::purge_unused_svalues): Convert third param from an 102 svalue_id * to an svalue_id_set *. 103 (region_model::copy_struct_region): New decl. 104 (region_model::copy_union_region): New decl. 105 (region_model::copy_array_region): New decl. 106 1072020-03-27 David Malcolm <dmalcolm@redhat.com> 108 109 * program-state.cc (selftest::test_program_state_dumping): Update 110 expected dump to include symbolic_region's possibly_null field. 111 * region-model.cc (symbolic_region::print_fields): New vfunc 112 implementation. 113 (region_model::add_constraint): Clear m_possibly_null from 114 symbolic_regions now known to be non-NULL. 115 (selftest::test_malloc_constraints): New selftest. 116 (selftest::analyzer_region_model_cc_tests): Call it. 117 * region-model.h (region::dyn_cast_symbolic_region): Add non-const 118 overload. 119 (symbolic_region::dyn_cast_symbolic_region): Implement it. 120 (symbolic_region::print_fields): New vfunc override decl. 121 1222020-03-27 David Malcolm <dmalcolm@redhat.com> 123 124 * analyzer.h (class feasibility_problem): New forward decl. 125 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): 126 Initialize new fields m_status, m_epath_length, and m_problem. 127 (saved_diagnostic::~saved_diagnostic): Delete m_problem. 128 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a 129 const ref to a mutable ptr. 130 (dedupe_winners::add): Convert "sd" param from a const ref to a 131 mutable ptr. Record the length of the exploded_path. Record the 132 feasibility/infeasibility of sd into sd, capturing a 133 feasibility_problem when feasible_p fails, and storing it in sd. 134 (diagnostic_manager::emit_saved_diagnostics): Update for pass by 135 ptr rather than by const ref. 
136 * diagnostic-manager.h (class saved_diagnostic): Add new enum 137 status. Add fields m_status, m_epath_length and m_problem. 138 (saved_diagnostic::set_feasible): New member function. 139 (saved_diagnostic::set_infeasible): New member function. 140 (saved_diagnostic::get_feasibility_problem): New accessor. 141 (saved_diagnostic::get_status): New accessor. 142 (saved_diagnostic::set_epath_length): New member function. 143 (saved_diagnostic::get_epath_length): New accessor. 144 * engine.cc: Include "gimple-pretty-print.h". 145 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write 146 a new feasibility_problem to it on failure. 147 (viz_callgraph_node::dump_dot): Convert begin_tr calls to 148 begin_trtd. Convert end_tr calls to end_tdtr. 149 (class exploded_graph_annotator): New subclass of dot_annotator. 150 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump 151 after the analysis runs, using exploded_graph_annotator. dumping 152 to DUMP_BASE_NAME.supergraph-eg.dot. 153 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make 154 public. 155 (exploded_path::feasible_p): Add OUT param. 156 (class feasibility_problem): New class. 157 * state-purge.cc (state_purge_annotator::add_node_annotations): 158 Return a bool, add a "within_table" param. 159 (print_vec_of_names): Convert begin_tr calls to begin_trtd. 160 Convert end_tr calls to end_tdtr. 161 (state_purge_annotator::add_stmt_annotations): Add "within_row" 162 param. 163 * state-purge.h ((state_purge_annotator::add_node_annotations): 164 Return a bool, add a "within_table" param. 165 (state_purge_annotator::add_stmt_annotations): Add "within_row" 166 param. 167 * supergraph.cc (supernode::dump_dot): Call add_node_annotations 168 twice: as before, passing false for "within_table", then again 169 with true when within the TABLE element. Convert some begin_tr 170 calls to begin_trtd, and some end_tr calls to end_tdtr. 
171 Repeat each add_stmt_annotations call, distinguishing between 172 calls that add TRs and those that add TDs to an existing TR. 173 Add a call to add_after_node_annotations. 174 * supergraph.h (dot_annotator::add_node_annotations): Add a 175 "within_table" param. 176 (dot_annotator::add_stmt_annotations): Add a "within_row" param. 177 (dot_annotator::add_after_node_annotations): New vfunc. 178 1792020-03-27 David Malcolm <dmalcolm@redhat.com> 180 181 * diagnostic-manager.cc (dedupe_winners::add): Show the 182 exploded_node index in the log messages. 183 (diagnostic_manager::emit_saved_diagnostics): Log a summary of 184 m_saved_diagnostics at entry. 185 1862020-03-27 David Malcolm <dmalcolm@redhat.com> 187 188 * supergraph.cc (superedge::dump): Add space before description; 189 move newline to non-pretty_printer overload. 190 1912020-03-18 David Malcolm <dmalcolm@redhat.com> 192 193 * region-model.cc: Include "stor-layout.h". 194 (region_model::dump_to_pp): Rather than calling 195 dump_summary_of_map on each of the current frame and the globals, 196 instead get a vec of representative path_vars for all regions, 197 and then dump a summary of all of them. 198 (region_model::dump_summary_of_map): Delete, rewriting into... 199 (region_model::dump_summary_of_rep_path_vars): ...this new 200 function, working on a vec of path_vars. 201 (region_model::set_value): New overload. 202 (region_model::get_representative_path_var): Rename 203 "parent_region" local to "parent_reg" and consolidate with other 204 local. Guard test for grandparent being stack on parent_reg being 205 non-NULL. Move handling for parent being an array_region to 206 within guard for parent_reg being non-NULL. 207 (selftest::make_test_compound_type): New function. 208 (selftest::test_dump_2): New selftest. 209 (selftest::test_dump_3): New selftest. 210 (selftest::test_stack_frames): Update expected output from 211 simplified dump to show "a" and "b" from parent frame and "y" in 212 child frame. 
213 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and 214 test_dump_3. 215 * region-model.h (region_model::set_value): New overload decl. 216 (region_model::dump_summary_of_map): Delete. 217 (region_model::dump_summary_of_rep_path_vars): New. 218 2192020-03-18 David Malcolm <dmalcolm@redhat.com> 220 221 * region-model.h (class noop_region_model_context): New subclass 222 of region_model_context. 223 (class tentative_region_model_context): Inherit from 224 noop_region_model_context rather than from region_model_context; 225 drop redundant vfunc implementations. 226 (class test_region_model_context): Likewise. 227 2282020-03-18 David Malcolm <dmalcolm@redhat.com> 229 230 * engine.cc (exploded_node::exploded_node): Move implementation 231 here from header; accept point_and_state by const reference rather 232 than by value. 233 * exploded-graph.h (exploded_node::exploded_node): Pass 234 point_and_state by const reference rather than by value. Move 235 body to engine.cc. 236 2372020-03-18 Jakub Jelinek <jakub@redhat.com> 238 239 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word 240 issue in a comment. 241 * region-model.cc (region_model::make_region_for_unexpected_tree_code, 242 region_model::delete_region_and_descendents): Likewise. 243 * engine.cc (class exploded_cluster): Likewise. 244 * diagnostic-manager.cc (class path_builder): Likewise. 245 2462020-03-13 David Malcolm <dmalcolm@redhat.com> 247 248 PR analyzer/94099 249 PR analyzer/94105 250 * diagnostic-manager.cc (for_each_state_change): Bulletproof 251 against errors in get_rvalue by passing a 252 tentative_region_model_context and rejecting if there's an error. 253 * region-model.cc (region_model::get_lvalue_1): When handling 254 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR. 255 2562020-03-06 David Malcolm <dmalcolm@redhat.com> 257 258 * analyzer.h (class array_region): New forward decl. 259 * program-state.cc (selftest::test_program_state_dumping_2): New. 
260 (selftest::analyzer_program_state_cc_tests): Call it. 261 * region-model.cc (array_region::constant_from_key): New. 262 (region_model::get_representative_tree): Handle region_svalue by 263 generating an ADDR_EXPR. 264 (region_model::get_representative_path_var): In view handling, 265 remove erroneous TREE_TYPE when determining the type of the tree. 266 Handle array regions and STRING_CST. 267 (selftest::assert_dump_tree_eq): New. 268 (ASSERT_DUMP_TREE_EQ): New macro. 269 (selftest::test_get_representative_tree): New selftest. 270 (selftest::analyzer_region_model_cc_tests): Call it. 271 * region-model.h (region::dyn_cast_array_region): New vfunc. 272 (array_region::dyn_cast_array_region): New vfunc implementation. 273 (array_region::constant_from_key): New decl. 274 2752020-03-06 David Malcolm <dmalcolm@redhat.com> 276 277 * analyzer.h (dump_quoted_tree): New decl. 278 * engine.cc (exploded_node::dump_dot): Pass region model to 279 sm_state_map::print. 280 * program-state.cc: Include diagnostic-core.h. 281 (sm_state_map::print): Add "model" param and use it to print 282 representative trees. Only print origin information if non-null. 283 (sm_state_map::dump): Pass NULL for model to print call. 284 (program_state::print): Pass region model to sm_state_map::print. 285 (program_state::dump_to_pp): Use spaces rather than newlines when 286 summarizing. Pass region_model to sm_state_map::print. 287 (ana::selftest::assert_dump_eq): New function. 288 (ASSERT_DUMP_EQ): New macro. 289 (ana::selftest::test_program_state_dumping): New function. 290 (ana::selftest::analyzer_program_state_cc_tests): Call it. 291 * program-state.h (program_state::print): Add model param. 292 * region-model.cc (dump_quoted_tree): New function. 293 (map_region::print_fields): Use dump_quoted_tree rather than 294 %qE to avoid lang-dependent output. 295 (map_region::dump_child_label): Likewise. 
296 (region_model::dump_summary_of_map): For SK_REGION, when 297 get_representative_path_var fails, print the region id rather than 298 erroneously printing NULL. 299 * sm.cc (state_machine::get_state_by_name): New function. 300 * sm.h (state_machine::get_state_by_name): New decl. 301 3022020-03-04 David Malcolm <dmalcolm@redhat.com> 303 304 * region-model.cc (region::validate): Convert model param from ptr 305 to reference. Update comment to reflect that it's now a vfunc. 306 (map_region::validate): New vfunc implementation. 307 (array_region::validate): New vfunc implementation. 308 (stack_region::validate): New vfunc implementation. 309 (root_region::validate): New vfunc implementation. 310 (region_model::validate): Pass a reference rather than a pointer 311 to the region::validate vfunc. 312 * region-model.h (region::validate): Make virtual. Convert model 313 param from ptr to reference. 314 (map_region::validate): New vfunc decl. 315 (array_region::validate): New vfunc decl. 316 (stack_region::validate): New vfunc decl. 317 (root_region::validate): New vfunc decl. 318 3192020-03-04 David Malcolm <dmalcolm@redhat.com> 320 321 PR analyzer/93993 322 * region-model.cc (region_model::on_call_pre): Handle 323 BUILT_IN_EXPECT and its variants. 324 (region_model::add_any_constraints_from_ssa_def_stmt): Split out 325 gassign handling into add_any_constraints_from_gassign; add gcall 326 handling. 327 (region_model::add_any_constraints_from_gassign): New function, 328 based on the above. Add handling for NOP_EXPR. 329 (region_model::add_any_constraints_from_gcall): New function. 330 (region_model::get_representative_path_var): Handle views. 331 * region-model.h 332 (region_model::add_any_constraints_from_ssa_def_stmt): New decl. 333 (region_model::add_any_constraints_from_gassign): New decl. 
334 3352020-03-04 David Malcolm <dmalcolm@redhat.com> 336 337 PR analyzer/93993 338 * checker-path.h (state_change_event::get_lvalue): Add ctxt param 339 and pass it to region_model::get_value call. 340 * diagnostic-manager.cc (get_any_origin): Pass a 341 tentative_region_model_context to the calls to get_lvalue and reject 342 the comparison if errors occur. 343 (can_be_expr_of_interest_p): New function. 344 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for 345 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs. 346 Pass a tentative_region_model_context to the calls to 347 state_change_event::get_lvalue and reject the comparison if errors 348 occur. 349 (diagnostic_manager::update_for_unsuitable_sm_exprs): New. 350 * diagnostic-manager.h 351 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl. 352 * region-model.h (class tentative_region_model_context): New class. 353 3542020-03-04 David Malcolm <dmalcolm@redhat.com> 355 356 * engine.cc (worklist::worklist): Remove unused field m_eg. 357 (class viz_callgraph_edge): Remove unused field m_call_sedge. 358 (class viz_callgraph): Remove unused field m_sg. 359 * exploded-graph.h (worklist::::m_eg): Remove unused field. 360 3612020-03-02 David Malcolm <dmalcolm@redhat.com> 362 363 * analyzer.opt (fanalyzer-show-duplicate-count): New option. 364 * diagnostic-manager.cc 365 (diagnostic_manager::emit_saved_diagnostic): Use the above to 366 guard the printing of the duplicate count. 367 3682020-03-02 David Malcolm <dmalcolm@redhat.com> 369 370 PR analyzer/93959 371 * analyzer.cc (is_std_function_p): New function. 372 (is_std_named_call_p): New functions. 373 * analyzer.h (is_std_named_call_p): New decl. 374 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::" 375 variants when checking for malloc, calloc and free. 
376 3772020-02-26 David Malcolm <dmalcolm@redhat.com> 378 379 PR analyzer/93950 380 * diagnostic-manager.cc 381 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is 382 either NULL or not a constant. When updating var, bulletproof 383 against constant values. 384 3852020-02-26 David Malcolm <dmalcolm@redhat.com> 386 387 PR analyzer/93947 388 * region-model.cc (region_model::get_fndecl_for_call): Gracefully 389 fail for fn_decls that don't have a cgraph_node. 390 3912020-02-26 David Malcolm <dmalcolm@redhat.com> 392 393 * bar-chart.cc: New file. 394 * bar-chart.h: New file. 395 * engine.cc: Include "analyzer/bar-chart.h". 396 (stats::log): Only log the m_num_nodes kinds that are non-zero. 397 (stats::dump): Likewise when dumping. 398 (stats::get_total_enodes): New. 399 (exploded_graph::get_or_create_node): Increment the per-point-data 400 m_excess_enodes when hitting the per-program-point limit on 401 enodes. 402 (exploded_graph::print_bar_charts): New. 403 (exploded_graph::log_stats): Log the number of unprocessed enodes 404 in the worklist. Call print_bar_charts. 405 (exploded_graph::dump_stats): Print the number of unprocessed 406 enodes in the worklist. 407 * exploded-graph.h (stats::get_total_enodes): New decl. 408 (struct per_program_point_data): Add field m_excess_enodes. 409 (exploded_graph::print_bar_charts): New decl. 410 * supergraph.cc (superedge::dump): New. 411 (superedge::dump): New. 412 * supergraph.h (supernode::get_function): New. 413 (superedge::dump): New decl. 414 (superedge::dump): New decl. 415 4162020-02-24 David Malcolm <dmalcolm@redhat.com> 417 418 * engine.cc (exploded_graph::get_or_create_node): Dump the 419 program_state to the pp, rather than to stderr. 420 4212020-02-24 David Malcolm <dmalcolm@redhat.com> 422 423 PR analyzer/93032 424 * sm.cc (make_checkers): Require the "taint" checker to be 425 explicitly enabled. 
426 4272020-02-24 David Malcolm <dmalcolm@redhat.com> 428 429 PR analyzer/93899 430 * engine.cc 431 (impl_region_model_context::impl_region_model_context): Add logger 432 param. 433 * engine.cc (exploded_graph::add_function_entry): Create an 434 impl_region_model_context and pass it to the push_frame call. 435 Bail if the resulting state is invalid. 436 (exploded_graph::build_initial_worklist): Likewise. 437 (exploded_graph::build_initial_worklist): Handle the case where 438 add_function_entry fails. 439 * exploded-graph.h 440 (impl_region_model_context::impl_region_model_context): Add logger 441 param. 442 * region-model.cc (map_region::get_or_create): Add ctxt param and 443 pass it to add_region_for_type. 444 (map_region::can_merge_p): Pass NULL as a ctxt to call to 445 get_or_create. 446 (array_region::get_element): Pass ctxt to call to get_or_create. 447 (array_region::get_or_create): Add ctxt param and pass it to 448 add_region_for_type. 449 (root_region::push_frame): Pass ctxt to get_or_create calls. 450 (region_model::get_lvalue_1): Likewise. 451 (region_model::make_region_for_unexpected_tree_code): Assert that 452 ctxt is non-NULL. 453 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl 454 and get_svalue_for_label calls. 455 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it 456 to get_region_for_fndecl. 457 (region_model::get_region_for_fndecl): Add ctxt param and pass it 458 to get_or_create. 459 (region_model::get_svalue_for_label): Add ctxt param and pass it 460 to get_region_for_label. 461 (region_model::get_region_for_label): Add ctxt param and pass it 462 to get_region_for_fndecl and get_or_create. 463 (region_model::get_field_region): Add ctxt param and pass it to 464 get_or_create_view and get_or_create. 465 (make_region_for_type): Replace gcc_unreachable with return NULL. 466 (region_model::add_region_for_type): Add ctxt param. 
Handle a 467 return of NULL from make_region_for_type by calling 468 make_region_for_unexpected_tree_code. 469 (region_model::get_or_create_mem_ref): Pass ctxt to calls to 470 get_or_create_view. 471 (region_model::get_or_create_view): Add ctxt param and pass it to 472 add_region_for_type. 473 (selftest::test_state_merging): Pass ctxt to get_or_create_view. 474 * region-model.h (region_model::get_or_create): Add ctxt param. 475 (region_model::add_region_for_type): Likewise. 476 (region_model::get_svalue_for_fndecl): Likewise. 477 (region_model::get_svalue_for_label): Likewise. 478 (region_model::get_region_for_fndecl): Likewise. 479 (region_model::get_region_for_label): Likewise. 480 (region_model::get_field_region): Likewise. 481 (region_model::get_or_create_view): Likewise. 482 4832020-02-24 David Malcolm <dmalcolm@redhat.com> 484 485 * checker-path.cc (superedge_event::should_filter_p): Update 486 filter for empty descriptions to cover verbosity level 3 as well 487 as 2. 488 * diagnostic-manager.cc: Include "analyzer/reachability.h". 489 (class path_builder): New class. 490 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder 491 and pass it to build_emission_path, rather passing eg; similarly 492 for add_events_for_eedge and ext_state. 493 (diagnostic_manager::build_emission_path): Replace "eg" param 494 with a path_builder, pass it to add_events_for_eedge. 495 (diagnostic_manager::add_events_for_eedge): Replace ext_state 496 param with path_builder; pass it to add_events_for_superedge. 497 (diagnostic_manager::significant_edge_p): New. 498 (diagnostic_manager::add_events_for_superedge): Add path_builder 499 param. Reject insignificant edges at verbosity levels below 3. 500 (diagnostic_manager::prune_for_sm_diagnostic): Update highest 501 verbosity level to 4. 502 * diagnostic-manager.h (class path_builder): New forward decl. 503 (diagnostic_manager::build_emission_path): Replace "eg" param 504 with a path_builder. 
505 (diagnostic_manager::add_events_for_eedge): Replace ext_state 506 param with path_builder. 507 (diagnostic_manager::significant_edge_p): New. 508 (diagnostic_manager::add_events_for_superedge): Add path_builder 509 param. 510 * reachability.h: New file. 511 5122020-02-18 David Malcolm <dmalcolm@redhat.com> 513 514 PR analyzer/93692 515 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description. 516 5172020-02-18 David Malcolm <dmalcolm@redhat.com> 518 519 PR analyzer/93777 520 * region-model.cc (region_model::maybe_cast_1): Replace assertion 521 that build_cast returns non-NULL with a conditional, falling 522 through to the logic which returns a new unknown value of the 523 desired type if it fails. 524 5252020-02-18 David Malcolm <dmalcolm@redhat.com> 526 527 PR analyzer/93778 528 * engine.cc (impl_region_model_context::on_unknown_tree_code): 529 Rename to... 530 (impl_region_model_context::on_unexpected_tree_code): ...this and 531 convert first argument from path_var to tree. 532 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall. 533 * exploded-graph.h (region_model_context::on_unknown_tree_code): 534 Rename to... 535 (region_model_context::on_unexpected_tree_code): ...this and 536 convert first argument from path_var to tree. 537 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add 538 ctxt param and pass on to calls to get_rvalue. 539 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add 540 ctxt param. 541 * region-model.cc (region_model::handle_unrecognized_call): Pass 542 ctxt on to call to get_rvalue. 543 (region_model::get_lvalue_1): Move body of default case to 544 region_model::make_region_for_unexpected_tree_code and call it. 545 Within COMPONENT_REF case, reject attempts to handle types other 546 than RECORD_TYPE and UNION_TYPE. 547 (region_model::make_region_for_unexpected_tree_code): New 548 function, based on default case of region_model::get_lvalue_1. 
549 * region-model.h 550 (region_model::make_region_for_unexpected_tree_code): New decl. 551 (region_model::on_unknown_tree_code): Rename to... 552 (region_model::on_unexpected_tree_code): ...this and convert first 553 argument from path_var to tree. 554 (class test_region_model_context): Update vfunc implementation for 555 above change. 556 5572020-02-18 David Malcolm <dmalcolm@redhat.com> 558 559 PR analyzer/93774 560 * region-model.cc 561 (region_model::convert_byte_offset_to_array_index): Use 562 int_size_in_bytes before calling size_in_bytes, to gracefully fail 563 on incomplete types. 564 5652020-02-17 David Malcolm <dmalcolm@redhat.com> 566 567 PR analyzer/93775 568 * region-model.cc (region_model::get_fndecl_for_call): Handle the 569 case where the code_region's get_tree_for_child_region returns 570 NULL. 571 5722020-02-17 David Malcolm <dmalcolm@redhat.com> 573 574 PR analyzer/93388 575 * engine.cc (impl_region_model_context::on_unknown_tree_code): 576 New. 577 (exploded_graph::get_or_create_node): Reject invalid states. 578 * exploded-graph.h 579 (impl_region_model_context::on_unknown_tree_code): New decl. 580 (point_and_state::point_and_state): Assert that the state is 581 valid. 582 * program-state.cc (program_state::program_state): Initialize 583 m_valid to true. 584 (program_state::operator=): Copy m_valid. 585 (program_state::program_state): Likewise for move constructor. 586 (program_state::print): Print m_valid. 587 (program_state::dump_to_pp): Likewise. 588 * program-state.h (program_state::m_valid): New field. 589 * region-model.cc (region_model::get_lvalue_1): Implement the 590 default case by returning a new symbolic region and calling 591 the context's on_unknown_tree_code, rather than issuing an 592 internal_error. Implement VIEW_CONVERT_EXPR. 593 * region-model.h (region_model_context::on_unknown_tree_code): New 594 vfunc. 595 (test_region_model_context::on_unknown_tree_code): New. 
596 5972020-02-17 David Malcolm <dmalcolm@redhat.com> 598 599 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For 600 transition to the "null" state, only say "assuming" when 601 transitioning from the "unchecked" state. 602 6032020-02-17 David Malcolm <dmalcolm@redhat.com> 604 605 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic): 606 Add const overload. 607 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics. 608 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add 609 const overload. 610 6112020-02-11 David Malcolm <dmalcolm@redhat.com> 612 613 PR analyzer/93288 614 * analysis-plan.cc (analysis_plan::use_summary_p): Look through 615 the ultimate_alias_target when getting the called function. 616 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to 617 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than 618 gimple_call_fndecl. 619 * region-model.cc (region_model::get_fndecl_for_call): Use 620 ultimate_alias_target on fndecl. 621 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New 622 function. 623 (supergraph_call_edge): Use it when rejecting edges without 624 functions. 625 (supergraph::supergraph): Use it to get the function for the 626 cgraph_edge when building interprocedural superedges. 627 (callgraph_superedge::get_callee_function): Use it. 628 * supergraph.h (supergraph::get_num_snodes): Make param const. 629 (supergraph::function_to_num_snodes_t): Make first type param 630 const. 631 6322020-02-11 David Malcolm <dmalcolm@redhat.com> 633 634 PR analyzer/93374 635 * engine.cc (exploded_edge::exploded_edge): Add ext_state param 636 and pass it to change.validate. 637 (exploded_graph::get_or_create_node): Move purging of change 638 svalues to also cover the case of reusing an existing enode. 639 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's 640 ctor. 641 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state 642 param. 
	* program-state.cc (state_change::sm_change::validate): Likewise.
	Assert that m_sm_idx is sane. Use ext_state to validate
	m_old_state and m_new_state.
	(state_change::validate): Add ext_state param and pass it to
	the sm_change validate calls.
	* program-state.h (state_change::sm_change::validate): Add
	ext_state param.
	(state_change::validate): Likewise.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93669
	* engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
	case of STATUS_WORKLIST in implementation of
	"__analyzer_dump_exploded_nodes".

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93649
	* constraint-manager.cc (constraint_manager::add_constraint): When
	merging equivalence classes and updating m_constant, also update
	m_cst_sid.
	(constraint_manager::validate): If m_constant is non-NULL assert
	that m_cst_sid is non-null and is valid.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93657
	* analyzer.opt (fdump-analyzer): Reword description.
	(fdump-analyzer-stderr): Likewise.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc (print_quoted_type): New function.
	(svalue::print): Use it to replace %qT.
	(region::dump_to_pp): Likewise.
	(region::dump_child_label): Likewise.
	(region::print_fields): Likewise.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93659
	* analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
	-> "that" typo.
	(Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
	"uninitialized" typo.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93350
	* region-model.cc (region_model::get_lvalue_1):
	Handle BIT_FIELD_REF.
	(make_region_for_type): Handle VECTOR_TYPE.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93647
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
	VAR being constant.
	* region-model.cc (region_model::get_lvalue_1): Provide a better
	error message when encountering an unhandled tree code.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93405
	* region-model.cc (region_model::get_lvalue_1): Implement
	CONST_DECL.

2020-02-06  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc (region_model::maybe_cast_1): Attempt to provide
	a region_svalue if either type is a pointer, rather than if both
	types are pointers.

2020-02-05  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (exploded_node::dump_dot): Show merger enodes.
	(worklist::add_node): Assert that the node's m_status is
	STATUS_WORKLIST.
	(exploded_graph::process_worklist): Likewise for nodes from the
	worklist. Set status of merged nodes to STATUS_MERGER.
	(exploded_graph::process_node): Set status of node to
	STATUS_PROCESSED.
	(exploded_graph::dump_exploded_nodes): Rework handling of
	"__analyzer_dump_exploded_nodes", splitting enodes by status into
	"processed" and "merger", showing the count of just the processed
	enodes at the call, rather than the count of all enodes.
	* exploded-graph.h (exploded_node::status): New enum.
	(exploded_node::exploded_node): Initialize m_status to
	STATUS_WORKLIST.
	(exploded_node::get_status): New getter.
	(exploded_node::set_status): New setter.

2020-02-04  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93543
	* engine.cc (pod_hash_traits<function_call_string>::mark_empty):
	Eliminate reinterpret_cast.
	(pod_hash_traits<function_call_string>::is_empty): Likewise.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	* constraint-manager.cc (range::constrained_to_single_element):
	Replace fold_build2 with fold_binary. Remove unnecessary newline.
	(constraint_manager::get_or_add_equiv_class): Replace fold_build2
	with fold_binary in two places, and remove out-of-date comment.
	(constraint_manager::eval_condition): Replace fold_build2 with
	fold_binary.
	* region-model.cc (constant_svalue::eval_condition): Likewise.
	(region_model::on_assignment): Likewise.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93544
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
	against bad choices due to bad paths.
	* engine.cc (impl_region_model_context::on_phi): New.
	* exploded-graph.h (impl_region_model_context::on_phi): New decl.
	* region-model.cc (region_model::on_longjmp): Likewise.
	(region_model::handle_phi): Add phi param. Call the ctxt's on_phi
	vfunc.
	(region_model::update_for_phis): Pass phi to handle_phi.
	* region-model.h (region_model::handle_phi): Add phi param.
	(region_model_context::on_phi): New vfunc.
	(test_region_model_context::on_phi): New.
	* sm-malloc.cc (malloc_state_machine::on_phi): New.
	(malloc_state_machine::on_zero_assignment): New.
	* sm.h (state_machine::on_phi): New vfunc.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (supernode_cluster::dump_dot): Show BB index as
	well as SN index.
	* supergraph.cc (supernode::dump_dot): Likewise.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93546
	* region-model.cc (region_model::on_call_pre): Update for new
	param of symbolic_region ctor.
	(region_model::deref_rvalue): Likewise.
	(region_model::add_new_malloc_region): Likewise.
	(make_region_for_type): Likewise, preserving type.
	* region-model.h (symbolic_region::symbolic_region): Add "type"
	param and pass it to base class ctor.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93547
	* constraint-manager.cc
	(constraint_manager::get_or_add_equiv_class): Ensure types are
	compatible before comparing constants.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93457
	* region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
	than checking against void_type_node.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93373
	* region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
	(assert_compat_types): ...this, and bail when either type is NULL,
	or when VOID_TYPE_P (dst_type).
	(region_model::get_lvalue): Update for above conversion.
	(region_model::get_rvalue): Likewise.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93379
	* region-model.cc (region_model::update_for_return_superedge):
	Move check for null result so that it also guards setting the
	lhs.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93438
	* region-model.cc (stack_region::can_merge_p): Split into a two
	pass approach, creating all stack regions first, then populating
	them.
	(selftest::test_state_merging): Add test coverage for (a) the case
	of self-merging a model in which a local in an older stack frame
	points to a local in a more recent stack frame (which previously
	would ICE), and (b) the case of self-merging a model in which a
	local points to a global (which previously worked OK).

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.cc (is_named_call_p): Replace tests for fndecl being
	extern at file scope and having a non-NULL DECL_NAME with a call
	to maybe_special_function_p.
	* function-set.cc (function_set::contains_decl_p): Add call to
	maybe_special_function_p.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93450
	* constraint-manager.cc
	(constraint_manager::get_or_add_equiv_class): Only compare constants
	if their types are compatible.
	* region-model.cc (constant_svalue::eval_condition): Replace check
	for identical types with call to types_compatible_p.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	* program-state.cc (extrinsic_state::dump_to_pp): New.
	(extrinsic_state::dump_to_file): New.
	(extrinsic_state::dump): New.
	* program-state.h (extrinsic_state::dump_to_pp): New decl.
	(extrinsic_state::dump_to_file): New decl.
	(extrinsic_state::dump): New decl.
	* sm.cc: Include "pretty-print.h".
	(state_machine::dump_to_pp): New.
	* sm.h (state_machine::dump_to_pp): New decl.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.cc (for_each_state_change): Use
	extrinsic_state::get_num_checkers rather than accessing m_checkers
	directly.
	* program-state.cc (program_state::program_state): Likewise.
	* program-state.h (extrinsic_state::m_checkers): Make private.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93356
	* region-model.cc (region_model::eval_condition): In both
	overloads, bail out immediately on floating-point types.
	(region_model::eval_condition_without_cm): Likewise.
	(region_model::add_constraint): Likewise.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93450
	* program-state.cc (sm_state_map::set_state): For the overload
	taking an svalue_id, bail out if the set_state on the ec does
	nothing. Convert the latter's return type from void to bool,
	returning true if anything changed.
	(sm_state_map::impl_set_state): Convert the return type from void
	to bool, returning true if the state changed.
	* program-state.h (sm_state_map::set_state): Convert return type
	from void to bool.
	(sm_state_map::impl_set_state): Likewise.
	* region-model.cc (constant_svalue::eval_condition): Only call
	fold_build2 if the types are the same.

2020-01-29  Jakub Jelinek  <jakub@redhat.com>

	* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
	* constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
	(range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
	POP_IGNORE_WFORMAT.
	* state-purge.cc: Include diagnostic-core.h before
	gimple-pretty-print.h.
	(state_purge_annotator::add_node_annotations, print_vec_of_names):
	Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
	* region-model.cc: Move diagnostic-core.h include before graphviz.h.
	(path_var::dump, svalue::print, constant_svalue::print_details,
	region::dump_to_pp, region::dump_child_label, region::print_fields,
	map_region::print_fields, map_region::dump_dot_to_pp,
	map_region::dump_child_label, array_region::print_fields,
	array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
	POP_IGNORE_WFORMAT.

2020-01-28  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93316
	* engine.cc (rewind_info_t::update_model): Get the longjmp call
	stmt via get_longjmp_call () rather than assuming it is the last
	stmt in the longjmp's supernode.
	(rewind_info_t::add_events_to_path): Get the location_t for the
	rewind_from_longjmp_event via get_longjmp_call () rather than from
	the supernode's get_end_location ().

2020-01-28  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc (poisoned_value_diagnostic::emit): Update for
	renaming of warning_at overload to warning_meta.
	* sm-file.cc (file_leak::emit): Likewise.
	* sm-malloc.cc (double_free::emit): Likewise.
	(possible_null_deref::emit): Likewise.
	(possible_null_arg::emit): Likewise.
	(null_deref::emit): Likewise.
	(null_arg::emit): Likewise.
	(use_after_free::emit): Likewise.
	(malloc_leak::emit): Likewise.
	(free_of_non_heap::emit): Likewise.
	* sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
	* sm-signal.cc (signal_unsafe_call::emit): Likewise.
	* sm-taint.cc (tainted_array_index::emit): Likewise.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93451
	* region-model.cc (tree_cmp): For the REAL_CST case, impose an
	arbitrary order on NaNs relative to other NaNs and to non-NaNs;
	const-correctness tweak.
	(ana::selftests::build_real_cst_from_string): New function.
	(ana::selftests::append_interesting_constants): New function.
	(ana::selftests::test_tree_cmp_on_constants): New test.
	(ana::selftests::test_canonicalization_4): New test.
	(ana::selftests::analyzer_region_model_cc_tests): Call the new
	tests.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93349
	* engine.cc (run_checkers): Save and restore input_location.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	* call-string.cc (call_string::cmp_1): Delete, moving body to...
	(call_string::cmp): ...here.
	* call-string.h (call_string::cmp_1): Delete decl.
	* engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
	(worklist::key_t::cmp): ...here. Implement hash comparisons
	via comparison rather than subtraction to avoid overflow issues.
	* exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
	* region-model.cc (tree_cmp): Eliminate buggy checking for
	symmetry.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.cc (is_named_call_p): Check that fndecl is "extern"
	and at file scope. Potentially disregard prefix _ or __ in
	fndecl's name. Bail if the identifier is NULL.
	(is_setjmp_call_p): Expect a gcall rather than plain gimple.
	Remove special-case check for leading prefix, and also check for
	sigsetjmp.
	(is_longjmp_call_p): Also check for siglongjmp.
	(get_user_facing_name): New function.
	* analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
	gimple.
	(get_user_facing_name): New decl.
	* checker-path.cc (setjmp_event::get_desc): Use
	get_user_facing_name to avoid hardcoding the function name.
	(rewind_event::rewind_event): Add rewind_info param, using it to
	initialize new m_rewind_info field, and strengthen the assertion.
	(rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
	avoid hardcoding the function name.
	(rewind_to_setjmp_event::get_desc): Likewise.
	* checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
	param and use it to initialize...
	(setjmp_event::m_setjmp_call): New field.
	(rewind_event::rewind_event): Add rewind_info param.
	(rewind_event::m_rewind_info): New protected field.
	(rewind_from_longjmp_event::rewind_from_longjmp_event): Add
	rewind_info param.
	(class rewind_to_setjmp_event): Move rewind_info field to parent
	class.
	* diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
	Update setjmp-handling for is_setjmp_call_p requiring a gcall;
	pass the call to the new setjmp_event.
	* engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
	requiring a gcall.
	(stale_jmp_buf::emit): Use get_user_facing_name to avoid
	hardcoding the function names.
	(exploded_node::on_longjmp): Pass the longjmp_call when
	constructing rewind_info.
	(rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
	rewind_from_longjmp_event's ctor.
	* exploded-graph.h (rewind_info_t::rewind_info_t): Add
	longjmp_call param.
	(rewind_info_t::get_longjmp_call): New.
	(rewind_info_t::m_longjmp_call): New.
	* region-model.cc (region_model::on_setjmp): Update comment to
	indicate this is also for sigsetjmp.
	* region-model.h (struct setjmp_record): Likewise.
	(class setjmp_svalue): Likewise.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93276
	* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
	macros with GCC_VERSION >= 4006, making them no-op otherwise.
	* engine.cc (exploded_edge::exploded_edge): Specify template for
	base class initializer.
	(exploded_graph::add_edge): Specify template when chaining up to
	base class add_edge implementation.
	(viz_callgraph_node::dump_dot): Drop redundant "typename".
	(viz_callgraph_edge::viz_callgraph_edge): Specify template for
	base class initializer.
	* program-state.cc (sm_state_map::clone_with_remapping): Drop
	redundant "typename".
	(sm_state_map::print): Likewise.
	(sm_state_map::hash): Likewise.
	(sm_state_map::operator==): Likewise.
	(sm_state_map::remap_svalue_ids): Likewise.
	(sm_state_map::on_svalue_purge): Likewise.
	(sm_state_map::validate): Likewise.
	* program-state.h (sm_state_map::iterator_t): Likewise.
	* supergraph.h (superedge::superedge): Specify template for base
	class initializer.

2020-01-23  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93375
	* supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
	gracefully if the number of parameters at the callee exceeds the
	number of arguments at the call stmt.
	(callgraph_superedge::get_parm_for_arg): Likewise.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93382
	* program-state.cc (sm_state_map::on_svalue_purge): If the
	entry survives, but the origin is being purged, then reset the
	origin to null.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	* sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93378
	* engine.cc (setjmp_svalue::compare_fields): Update for
	replacement of m_enode with m_setjmp_record.
	(setjmp_svalue::add_to_hash): Likewise.
	(setjmp_svalue::get_index): Rename...
	(setjmp_svalue::get_enode_index): ...to this.
	(setjmp_svalue::print_details): Update for replacement of m_enode
	with m_setjmp_record.
	(exploded_node::on_longjmp): Likewise.
	* exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
	(rewind_info_t::m_setjmp_record): ...with this.
	(rewind_info_t::rewind_info_t): Update for replacement of m_enode
	with m_setjmp_record.
	(rewind_info_t::get_setjmp_point): Likewise.
	(rewind_info_t::get_setjmp_call): Likewise.
	* region-model.cc (region_model::dump_summary_of_map): Likewise.
	(region_model::on_setjmp): Likewise.
	* region-model.h (struct setjmp_record): New struct.
	(setjmp_svalue::m_enode): Replace...
	(setjmp_svalue::m_setjmp_record): ...with this.
	(setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
	with m_setjmp_record.
	(setjmp_svalue::clone): Likewise.
	(setjmp_svalue::get_index): Rename...
	(setjmp_svalue::get_enode_index): ...to this.
	(setjmp_svalue::get_exploded_node): Replace...
	(setjmp_svalue::get_setjmp_record): ...with this.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93316
	* analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
	"_setjmp".

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93307
	* analysis-plan.h: Wrap everything namespace "ana".
	* analyzer-logging.cc: Likewise.
	* analyzer-logging.h: Likewise.
	* analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
	namespace.
	* analyzer-selftests.cc: Wrap everything namespace "ana".
	* analyzer-selftests.h: Likewise.
	* analyzer.h: Likewise for forward decls of types.
	* call-string.h: Likewise.
	* checker-path.cc: Likewise.
	* checker-path.h: Likewise.
	* constraint-manager.cc: Likewise.
	* constraint-manager.h: Likewise.
	* diagnostic-manager.cc: Likewise.
	* diagnostic-manager.h: Likewise.
	* engine.cc: Likewise.
	* engine.h: Likewise.
	* exploded-graph.h: Likewise.
	* function-set.cc: Likewise.
	* function-set.h: Likewise.
	* pending-diagnostic.cc: Likewise.
	* pending-diagnostic.h: Likewise.
	* program-point.cc: Likewise.
	* program-point.h: Likewise.
	* program-state.cc: Likewise.
	* program-state.h: Likewise.
	* region-model.cc: Likewise.
	* region-model.h: Likewise.
	* sm-file.cc: Likewise.
	* sm-malloc.cc: Likewise.
	* sm-pattern-test.cc: Likewise.
	* sm-sensitive.cc: Likewise.
	* sm-signal.cc: Likewise.
	* sm-taint.cc: Likewise.
	* sm.cc: Likewise.
	* sm.h: Likewise.
	* state-purge.h: Likewise.
	* supergraph.cc: Likewise.
	* supergraph.h: Likewise.

2020-01-21  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93352
	* region-model.cc (int_cmp): Rename to...
	(array_region::key_cmp): ...this, using key_t rather than int.
	Rewrite in terms of comparisons rather than subtraction to
	ensure qsort is anti-symmetric when handling extreme values.
	(array_region::walk_for_canonicalization): Update for above
	renaming.
	* region-model.h (array_region::key_cmp): New decl.

2020-01-17  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93290
	* region-model.cc (region_model::eval_condition_without_cm): Avoid
	gcc_unreachable for unexpected operations for the case where
	we're comparing an svalue against itself.

2020-01-17  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93281
	* region-model.cc
	(region_model::convert_byte_offset_to_array_index): Convert to
	ssizetype before dividing by byte_size. Use fold_binary rather
	than fold_build2 to avoid needlessly constructing a tree for the
	non-const case.

2020-01-15  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (class impl_region_model_context): Fix comment.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93212
	* region-model.cc (make_region_for_type): Use
	FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
	* region-model.h (function_region::function_region): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* program-state.cc (sm_state_map::clone_with_remapping): Copy
	m_global_state.
	(selftest::test_program_state_merging_2): New selftest.
	(selftest::analyzer_program_state_cc_tests): Call it.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* checker-path.h (checker_path::get_checker_event): New function.
	(checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Replace direct
	access to checker_path::m_events with accessor functions. Fix
	overlong line.
	(diagnostic_manager::prune_interproc_events): Replace direct
	access to checker_path::m_events with accessor functions.
	(diagnostic_manager::finish_pruning): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* checker-path.h (checker_event::clone): Delete vfunc decl.
	(debug_event::clone): Delete vfunc impl.
	(custom_event::clone): Delete vfunc impl.
	(statement_event::clone): Delete vfunc impl.
	(function_entry_event::clone): Delete vfunc impl.
	(state_change_event::clone): Delete vfunc impl.
	(start_cfg_edge_event::clone): Delete vfunc impl.
	(end_cfg_edge_event::clone): Delete vfunc impl.
	(call_event::clone): Delete vfunc impl.
	(return_event::clone): Delete vfunc impl.
	(setjmp_event::clone): Delete vfunc impl.
	(rewind_from_longjmp_event::clone): Delete vfunc impl.
	(rewind_to_setjmp_event::clone): Delete vfunc impl.
	(warning_event::clone): Delete vfunc impl.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* supergraph.cc (supernode::dump_dot): Ensure that the TABLE
	element has at least one TR.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/58237
	* engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
	when comparing against UNKNOWN_LOCATION.
	(stmt_requires_new_enode_p): Likewise.
	(exploded_graph::dump_exploded_nodes): Likewise.
	* supergraph.cc (supernode::get_start_location): Likewise.
	(supernode::get_end_location): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/58237
	* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
	selftest::analyzer_sm_file_cc_tests.
	* analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
	decl.
	* sm-file.cc: Include "analyzer/function-set.h" and
	"analyzer/analyzer-selftests.h".
	(get_file_using_fns): New function.
	(is_file_using_fn_p): New function.
	(fileptr_state_machine::on_stmt): Return true for known functions.
	(selftest::analyzer_sm_file_cc_tests): New function.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
	selftest::analyzer_sm_signal_cc_tests.
	* analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
	New decl.
	* sm-signal.cc: Include "analyzer/function-set.h" and
	"analyzer/analyzer-selftests.h".
	(get_async_signal_unsafe_fns): New function.
	(signal_unsafe_p): Reimplement in terms of the above.
	(selftest::analyzer_sm_signal_cc_tests): New function.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
	selftest::analyzer_function_set_cc_tests.
	* analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
	New decl.
	* function-set.cc: New file.
	* function-set.h: New file.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.h (fndecl_has_gimple_body_p): New decl.
	* engine.cc (impl_region_model_context::on_unknown_change): New
	function.
	(fndecl_has_gimple_body_p): Make non-static.
	(exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
	known. Track whether we have a call with unknown side-effects and
	pass it to on_call_post.
	* exploded-graph.h (impl_region_model_context::on_unknown_change):
	New decl.
	* program-state.cc (sm_state_map::on_unknown_change): New function.
	* program-state.h (sm_state_map::on_unknown_change): New decl.
	* region-model.cc: Include "bitmap.h".
	(region_model::on_call_pre): Return a bool, capturing whether the
	call has unknown side effects.
	(region_model::on_call_post): Add arg "bool unknown_side_effects"
	and if true, call handle_unrecognized_call.
	(class reachable_regions): New class.
	(region_model::handle_unrecognized_call): New function.
	* region-model.h (region_model::on_call_pre): Return a bool.
	(region_model::on_call_post): Add arg "bool unknown_side_effects".
	(region_model::handle_unrecognized_call): New decl.
	(region_model_context::on_unknown_change): New vfunc.
	(test_region_model_context::on_unknown_change): New function.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.cc (saved_diagnostic::operator==): Move here
	from header. Replace pointer equality test on m_var with call to
	pending_diagnostic::same_tree_p.
	* diagnostic-manager.h (saved_diagnostic::operator==): Move to
	diagnostic-manager.cc.
	* pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
	* pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
	* sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
	equality on m_arg with call to pending_diagnostic::same_tree_p.
	* sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
	(possible_null_arg::subclass_equal_p): Likewise.
	(null_arg::subclass_equal_p): Likewise.
	(free_of_non_heap::subclass_equal_p): Likewise.
	* sm-pattern-test.cc (pattern_match::operator==): Likewise.
	* sm-sensitive.cc (exposure_through_output_file::operator==):
	Likewise.
	* sm-taint.cc (tainted_array_index::operator==): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.cc (dedupe_winners::add): Add logging
	of deduplication decisions made.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* ChangeLog: New file.
	* analyzer-selftests.cc: New file.
	* analyzer-selftests.h: New file.
	* analyzer.opt: New file.
	* analysis-plan.cc: New file.
	* analysis-plan.h: New file.
	* analyzer-logging.cc: New file.
	* analyzer-logging.h: New file.
	* analyzer-pass.cc: New file.
	* analyzer.cc: New file.
	* analyzer.h: New file.
	* call-string.cc: New file.
	* call-string.h: New file.
	* checker-path.cc: New file.
	* checker-path.h: New file.
	* constraint-manager.cc: New file.
	* constraint-manager.h: New file.
	* diagnostic-manager.cc: New file.
	* diagnostic-manager.h: New file.
	* engine.cc: New file.
	* engine.h: New file.
	* exploded-graph.h: New file.
	* pending-diagnostic.cc: New file.
	* pending-diagnostic.h: New file.
	* program-point.cc: New file.
	* program-point.h: New file.
	* program-state.cc: New file.
	* program-state.h: New file.
	* region-model.cc: New file.
	* region-model.h: New file.
	* sm-file.cc: New file.
	* sm-malloc.cc: New file.
	* sm-malloc.dot: New file.
	* sm-pattern-test.cc: New file.
	* sm-sensitive.cc: New file.
	* sm-signal.cc: New file.
	* sm-taint.cc: New file.
	* sm.cc: New file.
	* sm.h: New file.
	* state-purge.cc: New file.
	* state-purge.h: New file.
	* supergraph.cc: New file.
	* supergraph.h: New file.

2019-12-13  David Malcolm  <dmalcolm@redhat.com>

	* Initial creation


Copyright (C) 2019-2020 Free Software Foundation, Inc.

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.